B4555 - Chapter 1-5

Introduction to Assurance and FS Auditing

The Study of Auditing

This figure demonstrates how the study of auditing is different from other accounting courses Most courses of study in the accounting field include a study of rules, computations, and techniques used for F/S analysis The study of auditing is different in that it is focused on development of analytical and logical skills and is more conceptual in nature Using common sense, innovating thinking

The Demand for Auditing and Assurance

• Auditor helps to ensure that there is no info asymmetry
• What management is reporting to their investors/predators is real and fairly stated
• The development of the corporate form of business and the expanding world economy over the last 200 years have given rise to an explosion in the demand for assurance provided by auditors
• Why? Owners of the companies are no longer the “owners”

Principals and Agents

Demand for auditing can be understood as the need for accountability when business owners hire others to manage their businesses Public company is a company that sells its shares or bonds to the public, giving the public a valid interest in the proper use of the company’s resources Managers serve as agents for the owners (aka., principals) and fulfill a stewardship function by managing the corporation’s assets

• There is a principal/agent relationship between shareholders and management
  • Shareholders have a valid interest in the proper use of a company’s resources
  • Management does not necessarily have the same goals as the shareholders
• The relationship between an owner and manager results in info asymmetry between the two parties
  • Info asymmetry means that the manager has more info about the “true” financial position and results of operations of the entity than does the absentee owner

The Role of Auditing

Figure 1.1 – overview of the principal agent relationship leading to the demand for auditing This is a useful way to remember the principal/agent relationship The role of auditing is to overcome the info asymmetry that exists between the principals (shareholders) and the agents (management) Management is making assertions As an independent party, the auditor, can gather evidence and offer the “absentee owners” a level of assurance that management is acting in the best interest of the firm Auditing is demanded because it plays a valuable role in monitoring the contractual relationships between the entity and its shareholders, managers, employees, and debt holders

Summary of Management Assertions by Category

• The role of auditing is to test management assertions about classes of transactions and events for the period under audit, about account balances at the period end, and related disclosures for transactions and balances

1. Existence
2. Occurrence
3. Completeness
4. Accuracy, valuation, and allocation

Relationships among Auditing, Attest, and Assurance Services

Figure 1.2 – relationships among auditing, attest, and assurance services These terms can be represented by concentric ellipses Auditing is the smallest, surrounded by attest, which in turn is surrounded by assurance This indicates that audits are a form of the attest function which is a form of assurance

Auditing, Attest, and Assurance Services Defined

	Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users Systematic processes implies that there should be a well-planned and thorough approach for conducting an audit
	Attest services occur when a practitioner is engaged to issue a report on subject matter, or an assertion about subject matter, that is the responsibility of another party Broader definition because auditing is not limited to economic events or actions
	Assurance services are independent professional services that improve the quality of info, or its context, for decision makers Good decisions require quality info, which can be financial or non-financial

Fundamental Concepts in Conducting a F/S Audit

Audit Assertions/Objectives

• B/S assertions:
  • Valuation
  • Existence
  • Rights and obligations
  • Completeness
• I/S assertions:
  • Completeness
  • Accuracy
  • Cut-off
  • Classification
  • Occurrence
• The audit assertions are sometimes called objectives and are similar to the management assertions
  • Minor differences: authorization is not an audit assertion

Figure 1.3 – overview of the F/S auditing process After terms of engagement are agreed upon between management and the auditor, the auditor obtains evidence from internal controls, transactions, and account balances The auditor tests the assertions management is making in the F/S The auditor issues an audit report that is to accompany the F/S of the company

Fundamental Concepts in Conducting a F/S Audit

These concepts drive our study of auditing

Materiality

• Materiality is the magnitude of an omission or misstatement of accounting info that makes it probable that the judgment of a reasonable person relying on the info would have been changed or influenced by the omission or misstatement
  • Ex: Garden Centre purchase a garbage can for $15
    • This is an asset and ideally capital assets are depreciated
  • In other words, materiality is an amount that will not impact the opinion of the F/S
• An auditor’s first task in planning an audit is to make a judgement about how big a misstatement would have to be before it would significantly affect users’ judgements
• Common rule of thumb: total (aggregated) misstatements of more than about 5% of income before tax would cause the F/S to be materially misstated

Audit Risk

• Note: more detail in chapter 3
• Audit risk is the risk that the auditor mistakenly expresses a clean audit opinion when the F/S are materially misstated
  • In other words, audit risk is the risk that an auditor will express on a decision
  • This can never be 0 because auditors can’t audit every transaction of an organization
• Auditing standards make it clear that the audit provides only reasonable assurance that the F/S do not contain material misstatements
• Reasonable assurance implies some risk that a material misstatement could be present in the F/S and the competent auditor will fail to detect it

1. The risk of the auditor being sued because of association with an auditee
2. The risk that the auditor will provide an unqualified opinion on F/S that are, in fact, materially misstated
3. The overall risk that a material misstatement exists in the F/S
4. The risk that auditors use audit procedures that are inappropriate

Audit Evidence Regarding Management Assertions

• Audit evidence is evidence that assists the auditor in evaluating management’s F/S assertions consists of the underlying accounting data and any additional info available to the auditor, whether originating from the client or externally
• Relevance is the evidence related to the specific assertion being tested
• Reliability is whether the evidence be relied upon to signal the true state of the specific assertion being tested
• We must have enough evidence to prove our opinion

Sampling: Inferences Based on Limited Observations

• Auditors use a sampling approach to examine a subset of the transactions based on previous audits, an understanding of the company’s internal control system, or knowledge of the company’s industry
• It would be too costly for the auditor to examine every transaction
• Data analytics will sometimes allow for testing entire populations

1. Auditors are experts and do not need to look at much to know whether the F/S are correct or not
2. Auditors must balance the cost of the audit with the need for precision
3. Auditors must limit their exposure to their auditee to maintain independence
4. The auditor's relationship with the auditee is generally adversarial, so the auditor will not have access to all of the financial info of the company

The Audit Process

Major Phases of an Audit

Structure of the Audit Report

• For public company audits, the title line of the audit report includes “Independent Auditor’s Report”
• Usually, the report is addressed to the shareholders and board of directors of the company
• The audit report includes sections titled:
  • “Opinion on the Financial Statements”
  • “Basis for Opinion”
  • “Critical Audit Matters”
• An explanatory paragraph with the auditor’s opinion of internal controls, if the report on internal controls is included in a separate report
• Concludes with:
  • Signature in the name of the audit firm
  • The personal name of the auditor, or both, as appropriate
  • Auditor addressee
  • Date of report

Types of Audit Reports

• The auditor’s report (audit opinion) is the main product or output of the audit

Unqualified

• The standard unqualified (clean) audit report is the most common type of report issued
• In this context, unqualified means that because the F/S are free of material misstatements, the auditor does not find it necessary to qualify his or her opinion about the fairness of the F/S

Qualified

• Suppose an auditee’s F/S contain a misstatement that the auditor considers material and management refuses to correct the misstatement or suppose that the auditor is unable to obtain sufficient appropriate evidence regarding a specific account
• The auditor will likely qualify the report, explaining that the F/S are fairly stated except for the misstatement identified by the auditor

Adverse

• Suppose an auditee’s F/S contain a misstatement that the auditor considers so material that it pervasively affects the interpretation of the F/S
• Given such a situation, the auditor will issue an adverse opinion, indicating that the F/S are not fairly stated and should not be relied upon

Disclaimer

• If a scope limitation is so pervasive that it limits the ability of the auditor to conclude on the F/S as a whole, the auditor will issue a “disclaimer of opinion,” indicating that it is not possible to express an opinion on the fairness of the F/S

1. Any disputes over significant accounting issues have been settled to the auditor's satisfaction
2. The auditor is satisfied that Stankey will be highly profitable in the future
3. The auditor is certain that Stankey's F/S have been prepared accurately and that all account balances are precisely correct
4. The auditor has determined that Stankey's management is not qualified to lead the company

Auditing Demands Logic, Reasoning, and Resourcefulness

• An auditor needs to understand more than just the accounting concepts and techniques
• Auditing is a fundamentally logical process of thinking and reasoning – so use your common sense and reasoning skills
  • As you learn new auditing concepts, try to understand the underlying logic and how the concepts interrelate with other concepts
• Being a good auditor requires imagination and innovation
• Understanding audit concepts is useful for all business professionals, consultants, and etc.

The F/S Auditing Environment

Key point of auditing is understanding the business

Types of Auditors

• Important requirement for each type of auditor is independence in some form from the entity being audited
• Requirements for CPA is summed up in 3 E’s 🡪 education, examination, and experience
• Must be independent in fact and in appearance
  • Appearance example: we cannot be seen to be having lunch with our client

External Auditors

• Often referred to as independent auditors
• May practice as a sole proprietor or as a member of a CPA firm
• External auditors are not employees of the entity being audited
• Audit F/S for publicly traded and private companies’ partnerships, universities, government entities, and other types of entities
• Mostly big 4 firms
• Must be CPA

Internal Auditors

• Internal auditors are employees of individual companies, government agencies, and other entities
• Professional organization = Institute of Internal Auditors (IIA)
• Must be CPA

Government Auditors

• Government auditors are employed by federal, provincial, and local governments or other government organizations
• Considered to be a type of internal auditor
• Federal level: Office of the Auditor General (OAG) and Canada Revenue Agency (CRA)
  • OAG is responsible for Parliament
  • CRA examines the books and records of organizations and individuals to determine whether their tax returns are accurate and in compliance with applicable tax laws and regulations
• Example: tax auditor
• Normally CPA

Forensic Auditors

• Forensic auditors are employed by corporations, government agencies, public accounting firms, and specialized consulting and investigate service firms
  • Trained in detecting, investigating, and deterring fraud and white-collar crime
• Example: fraud examiner
• Professional association: Association of Certified Fraud Examiners (ACFE)
• Does not necessarily need a CPA but it helps

Types of Audit and Assurance Services

Other Audit Services

• (1) Internal control audits
  • In 2002, Sarbanes-Oxley Act (SOX) required public companies listed on exchange in the US to engage an external auditor to provide an opinion on the effectiveness of internal control in addition to an opinion on the F/S
  • An audit of internal control is available but not required for private entities
  • In 2003, Ontario passed Bill 198 which has the same intent as SOX, it is known as the Canadian SOX (C-SOX)
    • Requires CEO and CFO to verify that their annual and interim filings are accurate representations of SOX 404
    • There is no requirement for Canadian companies to have auditors provide an opinion on the effectiveness of internal controls as there is for F/S
  • Internal control and an audit of F/S are closely interrelated 🡪 auditing standards for publicly accountable enterprises require an integrated audit which is an audit of both F/S and internal controls over financial reporting, provided by the external auditor
• (2) Compliance audits determines the extent to which rules, policies, laws, covenants, or government regulations are followed by the entity being audited
• (3) Operational audits involve a systematic require of part of all of an organization’s activities to evaluate whether resources are being sued effectively and efficiently
  • Purpose: provide assurance, assess performance, identify areas for improvement, and develop recommendations with respect to operational effectiveness and efficiency
  • Referred to as performance audit or management audit
  • Requires the auditor to identify or create objective, measurable criteria against which to assess effectiveness and efficiency
• (4) Forensic audits
  • Purpose: detect or deter fraudulent activities
• Often performed by auditors employed by public accounting firms

Assurance Services

• Assurance services – auditing is a specialized form of assurance services
• CPAs can offer a variety of services that provide assurance but that do not qualify as auditing or attestation
• Assurance services are governed by either the attest or consulting standards

Non-Audit Services

• Note: C-SOX prohibits external auditors from providing many forms of non-audit assurance and consulting work to public companies for which the auditor also provides a F/S audit
• Tax preparation and planning services
• Management advisory services (MAS) are consulting services that may provide advice and assistance concerning an entity’s organization, personnel, finances, operations, systems, or other activities
  • Due to independence requirements, CPA firms perform MAS for private entitles or for public companies for whom they do not provide a F/S audit
• Compilation and review services
  • Compilations is when a public accounting firm prepares the F/S of companies

Public Accounting Firms

Public accounting firms’ range in size from a single proprietor to thousands of owners (or “partners”) and thousands of professional and administrative staff employees Public accounting firms are organizations created to provide professional accounting-related services, including auditing

Organization and Composition

• Due to the risk of litigation against CPAs, public accounting firms would organize as corporations
  • Provinces and territories do not allow accounting firms to organization as corporations; this prevents them from hiding behind the corporate veil to avoid claims of negligence if they occur
  • This is why firms have structured themselves as LLPs
• Under an LLP, partners are not personally responsible for liabilities arising from other partners’ and most employees’ negligent acts
  • The personal assets of the responsible partner(s) and the assets of the partnership itself are vulnerable to lawsuits resulting from partners’ or employees’ acts

Audit Team Members

A Time of Challenge and Change

• During the economic boom of the late 1990s and the early 2000s, accounting firms aggressively sought opportunities to market a variety of high-margin non-audit services to their auditees
  • Independence standards in force at the time allowed auditors to perform many services, including info systems design and implementation and internal audit services, even for public company auditees
  • Consulting revenue of the largest public accounting firms grew rapidly, until in many instances. Consulting revenues from auditees far exceeded the fee for the external audit
• Note: have a good understanding of SOP and “CSOXs”

An Explosion of Scandals

• Numerous scandals involving corporate giants, brokerage firms, stock exchanges, mutual fund managers, and several of the large public accounting firms were uncovered
  • Ex: Enron, Nortel, Livent Entertainment, WorldCom, Arthur Andersen, Sino Forest

Government Regulation

Note: good idea to keep a list of government regulations because they will be referred to often

Society’s Expectations and the Auditor’s Responsibilities

• The auditor’s responsibility is to provide reasonable (not complete) assurance that the F/S are free of material misstatement, whether caused by error, fraud, or illegal acts
  • We are not going to find every single item
  • We have guidelines to tell us what to do to find fraud – does this mean that we will find it? Not necessarily
  • We will plan our audit so that we have a 95% chance of catching any of those items
• Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance that material misstatements are detected
  • Note: important to have a good idea of what this is
  • Leads to what is sometimes referred to as the expectations gap

Responsibility for the F/S

• Who has responsibility of F/S? Management
  • They are making assertions on transactions and balances that have occurred
  • Auditors are not responsible for this
• While auditors have important responsibilities, management is primarily responsible for maintaining effective internal control and for ensuring the fairness of the company’s F/S
• The auditor’s responsibility is to provide reasonable assurance with respect to errors, fraud, and illegal acts clearly shape the auditor’s environment and the work that they perform

Note: appendix A 🡪 1 or 2 short answers from this section

The Context of F/S Auditing

The Organization as the Primary Context of Auditing

• The business or entity being audited is the primary context that shapes the external auditor’s environment
• How you apply auditing tools on any particular engagement will depend greatly on the nature of the entity’s business

A Model of Business

• While businesses in different industries can have different characteristics, most have some fundamental conceptual characteristics in common
• These commonalities provide a way for auditors to organize how they approach F/S audits, regardless of the type of entity they are auditing

Figure 2.1 – an overview of an organization’s operations (1) Governance (2) Business objectives and strategies (3) Business processes (5 broad categories) (4) Risks (5) Controls (6) Reporting

• Characteristics of an entity’s business model provide a way for auditors to plan how they approach F/S audits
• We need to know where revenue is coming from
  • Are they being recorded correctly?
  • Are they being recognized in the correct period?
• Understanding the business’ internal controls
  • What are the best types of controls for this type of revenue?
• Ultimately, this is the first step we need to do to plan the audit
  • Ensure that we are developing the correct tests 🡪 nature, timing, and extent

Note: regardless of the company, the financial standards must follow their respective policies

Corporate Governance

Business organizations exist to create value for their stakeholders Due to the way resources are invested and managed in the modern business world, a system of corporate governance is necessary, through which managers are overseen and supervised The body primarily responsible for management oversight in Canadian corporations is the board of directors The audit committee, consisting of a subset of independent board members, oversees the internal and external auditing work done for the organization

• Corporate governance oversight mechanisms in place to help ensure the proper stewardship over an entity’s assets
• Strong corporate governance ensures that those managing an entity properly utilize their time, talents, and the entity’s resources in the best interests of absentee owners, shareholders, or members, and that they faithfully report the economic condition and performance of the enterprise

A Model of Business Processes: Five Components

Auditors typically organize a F/S audit into five basic business processes: (1) Revenue process (2) Financing process (3) Purchasing process (4) HR management process (5) Inventory management process Above are “classes of transactions” This is how we organize an audit Business organizations exist to create value for their stakeholders Due to the way resources are invested and managed in the modern business world, a system of corporate governance is necessary, through which managers are overseen and supervised

• Financing:
  • A bank uses lends out money to individuals or businesses which means they are usually the ones who receive the repayments from these lenders
• Purchasing:
  • An automobile manufacturer provides goods (car parts) and services (installation or repairs)
  • A bank provides goods (if money is considered a good) and services (mostly services)
• HR management:
• Inventory management:
  • Automobile hold different car parts as inventory
  • A bank’s sole inventory is money
• Revenue:
  • An automobile manufacturer collects revenue upfront or through financing options (if available) after a good or service is provided
  • A bank collects revenue from loans they give out (ie., revenue = loan repayments)

Organization That Affects Auditing

Canada

• CSA – Canadian Securities Administrator
• CPA Canada – Chartered Professional Accountants of Canada
• CPAB – Canadian Public Accountability Board
• AASB – The Auditing and Assurance Standards Board
  • Independent body and responsibility to set standards for quality management, audit, and other assurance and related services engagement and guidance in Canada
  • Standards it issues:
    • Statements on auditing standards
    • Statements on standards for assurance engagements
    • Statements on standards for review and compilation engagements
    • Statements on audit quality control standards
• AcSB – Auditing Standards Board

Internationally

• IASB – International Accounting Standards Board
• IAASB – International Auditing and Assurance Standards Board

Auditing Standards

• Auditing standards help to ensure that F/S audits are conducted in a consistent and thorough manner and serve as an important set of criteria for evaluating the quality of the auditor’s performance

Auditing Standard Setters

• Organizations that set auditing standards that are relevant for F/S auditors in Canada and internationally:
  • (1) AASB – Auditing and Assurance Standards Board
    • Non-public company audits
    • Standards are influenced by the auditing standards of the IAASB
  • (2) CPAB – Canadian Public Accountability Board
    • Public company audits
    • Came from C-SOX
  • (3) IAASB – International Auditing and Assurance Standards Board
    • Used in over 125 international jurisdictions

Principles Underlying an Audit

• “The principles underlying an audit conducted in accordance with generally accepted auditing standards” is the preface to the AASB’s auditing standards
• These principles are grouped into four categories:
  • (1) Purpose and premise of an audit
  • (2) Responsibilities of the auditor
  • (3) Performance of the audit
  • (4) Reporting
• The description of the principles provides a valuable overview of the importance of an audit, the fundamental responsibilities of management and of the auditor, and the basic concepts of how an auditor should go about performing and reporting on an audit

Purpose of an Audit and Premise Upon Which an Audit is Conducted

• (1) The purpose of an audit is to enhance the degree of confidence of intended users in the F/S
  • This is achieved by the expression of an opinion by the auditor on whether the F/S are prepared, in all material respects, in accordance with an applicable financial reporting framework
  • In the case of most general purpose frameworks, that opinion is on whether the F/S are presented fairly, in all material respects, or give a true and fair view in accordance with the framework
• (2) An audit in accordance with Canadian auditing standards is conducted on the premise that management and, where appropriate, those charged with governance, have responsibility
  • For the preparation of the F/S in accordance with the applicable financial reporting framework, including, where relevant, their fair presentation; or such internal control as management and, where appropriate, those charged with governance determine is necessary to enable the preparation of F/S that are free from material misstatement, whether due to fraud or error
  • To provide the auditor with:
    • Access to all info of which management and, where appropriate, those charged with governance are aware that is relevant to the preparation of the F/S such as records, documentation, and other matters
    • Additional info that the auditor may request from management and, where appropriate, those charged with governance for the purpose of the audit
    • Unrestricted access to those within the entity from whom the auditor determines it necessary to obtain audit evidence

Responsibilities

• (3) Having appropriate competence and capabilities to perform the audit
  • Complying with relevant ethical requirements
  • Maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit

Performance

• (4) To express an opinion, the auditor obtains reasonable assurance about whether the F/S are free from material misstatement, whether due to fraud or error
• (5) To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor ...
  • Plans the work and properly supervises any assistants
  • Determines and applies appropriate materiality level or levels throughout the audit
  • Identifies and assesses risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity’s internal control
  • Obtains sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks
• (6) The auditor is unable to obtain absolute assurance that the F/S are free from material misstatement because of inherent limitations, which arise from ...
  • The nature of financial reporting
  • The nature of audit procedures
  • The need for the audit to be conducted within a reasonable period of time and to achieve a balance between benefit and cost

Reporting

• (7) Based on an evaluation of the audit evidence obtained, the auditor expresses, in the form of a written report, an opinion, modification of opinion, or denial of opinion, in accordance with the auditor’s findings
  • The opinion states whether the F/S are presented fairly, in all material respects, in accordance with the applicable financial reporting framework

The Nature of Auditing Standards

• AASB – Auditing Standards Board 🡪 CAS – Canadian Auditing Standards
• IAASB – International Auditing and Assurance Standards Board 🡪 ISA – International Standards on Auditing
• Similarly, to the conceptual framework of the accounting standards, the CAS, and ISS tend to be general in nature

The Codification of Auditing Standards – CAS

CAS are classified by numbering categories The numbering applies to the order in which the standards are issued by the IAASB and are thus chronological

The Codification of Auditing Standards – ISA

• The International Standards on Auditing (ISA) promulgated by the IAASB consist of 36 individual standards covering the full range of auditing topics
• There is less structure to the organization of the ISA than exists for the codified SAS and AS, but in the end the coverage and sequence of topics is quite similar

Ethics and Professionalism

• Independence is a state of objectivity in fact and in appearance, including the absence of any significant conflicts of interest
• Ethics is a system or code of conduct based on moral duties and obligations that indicate how we should behave
• Professionalism is the conduct, aims, or qualities that characterize a profession or professional person

The Rules of Professional Conduct

• All professions (ex: medicine, law, and accounting) operate under some type of code of ethics or code of conduct
  • The CPA’s Rules of Professional Conduct establishes guidance for acceptable behavior for auditors
• The CPA’s Rules of Professional Conduct applies to all auditors, including those auditing public companies

Audit Planning, Types of Audit Tests, and Materiality

September 13, 2023

Client Acceptance and Continuance

Prospective Client Acceptance

• Before accepting a new client, the accounting firm must determine that it …
  • (1) Has the capabilities to perform the engagement
    • Sufficient personnel with technical skills/knowledge
  • (2) Complies with legal and relevant ethical requirements
    • Independent within rules of professional conduct, etc.
  • (3) Has considered the integrity of the client
    • Management cooperating/entity viable, etc.

Has the Capabilities to Perform the Engagement

• Determine if the firm…
  • Has the necessary technical skills and knowledge of relevant industry or subject matters
  • Has personnel that have experience with relevant regulatory or reporting requirements
  • Has sufficient personnel with necessary competence and capabilities
  • Has specialists, if needed
  • Can complete the engagement within the reporting deadline

Complies with Legal and Relevant Ethical Requirements

• Determine if the firm …
  • Is independent of the entity
  • Can accept the entity without violating any applicable regulatory agency requirements or the Rules of Professional Conduct

Has Considered the Integrity of the Client

• Determine the following:
  • The identity and business reputation of the client’s principal owners, key management, and those charged with governance
  • The nature of the client’s operations, including its business practices
  • Info concerning the attitude of the client’s principal owners, key management, and those charged with governance toward matters such as internal control or aggressive interpretation of accounting standards
  • Indications of an inappropriate limitation in the scope of the work
  • Indications that the client might be involved in criminal activities
  • The reasons for the proposed appointment of the firm and non-reappointment of the previous firm

Communicating with Predecessor Auditor

• Successor auditor should request permission of the prospective client before contacting the predecessor auditor
• Send a professional courtesy letter – below is a list of possible info to request:
  • Info that might bear on the integrity of management
  • Disagreement with management about accounting policies, auditing procedures, or other similarly significant matters
  • Communications to audit committees or others with equivalent authority and responsibility regarding fraud, illegal acts by clients, and internal-control-related matters
  • The predecessor auditor’s understanding as to the reasons for the change of auditors
  • The predecessor auditor’s understanding of the nature of the company’s relationships and transactions with related parties and significant unusual transaction
• If the engagement is accepted, the successor will likely ask to review the PY working paper files

Continuing Client Retention

• Public accounting firms should evaluate periodically whether to continue their relationship with current clients
• This evaluation may take place at or near the completion of an audit or when some significant event occurs
• Why would we not want to retain a client?
  • Dispute
  • Client does not want to pay their bill – complains about fees
  • Client argues about accounting policies

Preliminary Engagement Activities

• (1) Determine the audit engagement team requirements
  • Public accounting firms need to ensure that their engagements are completed by auditors who have the proper degree of technical training and proficiency
  • Factors to be considered: engagement size, complexity, level of risk, special expertise, personnel availability, timing of the work to be performed
• (2) Assess compliance with ethical and independence requirements
  • A public accounting firm should ensure that persons at all organizational levels within the firm meet the profession’s ethical requirements
  • Firms should document compliance by having all personnel complete an annual independence questionnaire
• (3) Establishing an understanding with the entity 🡪 see exhibit 3.1
• Using the work of internal auditors 🡪 see table 3.2
• If IAF is reliable, external auditor may use the IA work in certain areas to reduce the scope (extent) of the audit work
• The materiality of the account balance and related audit risk may also contribute to how much the external auditor can rely on the IA’s work

Establishing an Understanding with the Entity

• The auditor should establish an understanding with the entity about the terms of the engagement
  • Understanding reduces the risk that either party may misinterpret what is expected or required of the other party
• In doing so, three topics should be discussed:
  • (1) The engagement letter
  • (2) Using the work of the internal audit function
  • (3) The role of the audit committee
• The engagement letter documents the terms of the engagement, which should include the objectives of the following:
  • The engagement
  • Management’s responsibilities
  • The auditor’s responsibilities
  • The limitations of the engagements

The Engagement Letter

• In addition to the items mentioned in the sample engagement letter, the engagement letter may include:
  • Arrangements for use of specialists or internal auditors
  • Any limitations of liability of the auditor or client
  • Additional services to be provided
  • Arrangements regarding other services

Internal Audit Function

• The internal audit function is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations
• Helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes
• Factors for evaluating the reliability of the internal audit function:
  • (1) Objectivity
  • (2) Competence
  • (3) Systematic and disciplined approach

Figure 3.2 – factors for evaluating the reliability of the internal audit function

The Audit Committee

• Subcommittee of the board of directors
• Responsible for the financial reporting and disclosure process
• No specific requirements for privately held companies
• Canadian Securities Administrators National Instrument 52-110 requires the following for audit committee members of public companies:
  • Member of board of directors and independent
  • Directly responsible for overseeing work of any registered public accounting firm employed by the company
  • Must pre-approve all audit and non-audit services provided by its auditors
  • Must establish procedures to follow for complaints
  • Must have authority to engage independent counsel

Planning the Audit

Audit Strategy and Plan

• The auditor will develop an overall audit strategy for conducting the audit
  • This will help the auditor to determine what resources are needed to perform the engagement
  • Scope of the engagement
  • Reporting objectives to plan the timing of the audit
  • Factors will determine the focus of the audit team
• The auditor then develops an audit plan
  • An audit plan is more detailed than the audit strategy
  • The audit plan should consider how to conduct the engagement in an effective and efficient manner
  • Document description of planned nature, timing, and extent of audit procedures
  • The nature of an audit plan is to determine the types of testing
• When preparing the audit plan, the auditor should be guided by the …
  • Results of the client acceptance/continuance process
  • Procedures performed to gain the understanding of the entity
  • Preliminary engagement activities
• Steps that should be included:
  • (1) Assess business risks
  • (2) Establish materiality
  • (3) Consider multi-locations
  • (4) Assess the need for specialists
  • (5) Consider violations of laws and regulations
  • (6) Identify related parties
  • (7) Consider additional value-added services
  • (8) Document the overall audit strategy, audit plan, and prepare audit programs
• With this info, the overall strategy and detailed plan is prepared
  • The info is then used to prepare individual audit programs 🡪 see exhibit 3.2
  • An audit program is like an action plan – the goal being to create a framework detailed enough for any outside auditor to understand

Assess Business Risks

Audit risk is the risk that the auditor expresses an inappropriate audit report when the F/S are materially misstated The risk of material misstatement is used to plan the auditing procedures to be performed

Establish Materiality

Auditors consider materiality from a reasonable user perspective and communicate to users that “the F/S present fairly, in all material respects” The consideration of materiality is a matter of professional judgement and will vary across entities

Consider Multi-Locations or Business Units

• Auditor determines which locations or business units are to be audited and extent of audit procedures
• Auditor then assesses the risks of material misstatement to the consolidated F/S associated with the location or business unit
• The auditor correlates the amount of audit attention devoted to the location or business unit with the level of risk present

Assess the Need for Specialists

• A major consideration in planning the audit is the need for a specialist
• An auditor’s specialist is an individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence
• The use of an IT specialist is a significant aspect of most audit engagements
• The presence of complex info technology may require the use of an IT specialist

• Tax specialist

Consider Violations of Laws and Regulations

CAS 250 requires that the auditor understand the regulatory environment their client operates in This allows the auditor to identify any illegal acts including non-compliance with regulatory requirements

Table 3.3 – info or circumstances that may indicate a violation of laws and regulations

Related Parties

• Auditors should evaluate the entity’s identification of, accounting for, and disclosure of transactions with related parties
• Auditors should attempt to identify all related parties during the planning phase of the audit
  • It is important to identify related party transactions because the transaction may not be “at arm’s length”
• Auditors need to inquire of management about:
  • The names of related parties
  • The nature of relationships
  • The types of transactions
  • The reasons for entering into the transactions with related parties
• Sources of info on related parties:
  • Minutes of board of directors’ meetings
  • Conflict-of-interest statements from management and others
  • Financial and reporting info provided to creditors, investors, and regulators
  • Contracts or other agreements (including side agreements that may not be formally documented between customers and vendors, and management)
  • Contracts and other agreements representing significant unusual transaction

Additional Value-Added Services

Document Audit Strategy, Audit Plan, and Prepare Audit Programs

• The auditor documents how the entity is managing its risk (internal control processes) and the effects of the risks and controls on the planned audit procedures
• Auditors ensure they have addressed the risks they identified by documenting the linkage from the entity’s business, objectives, and strategy to the audit plan
• Discussion of things to come: the auditor’s preliminary decision concerning control risk determines the level of control testing, which in turn, affects the auditor’s substantive tests of the account balances and transactions

Supervision of the Audit

• Engagement partner and other supervisory members of the team:
  • Info engagement team members of their responsibilities
    • The objectives of the procedures that they are to perform
    • The nature, timing, and extent of procedures they are to perform
    • Matters that could affect the procedures to be performed or the evaluation of the results of those procedures
  • Direct engagement team members to identify and communicate audit issues
  • Review the work of the engagement team members
    • The work was performed and documented
    • The objectives of the procedures were achieved
    • The results of the work support the conclusions reached

Types of Audit Tests

• Risk assessment procedures are used to obtain an understanding of the entity and its environment, including its internal control
  • Inquiries of management and others
  • Preliminary analytical procedures
  • Observation and inspection
• Tests of control is directed toward the evaluation of the effectiveness of the design and operation of internal controls
  • Tests are documented as efficient or not efficient
  • Does not involve monetary amounts – just checking to make sure that the procedures that the company has put in place are working
• Substantive procedures detect material misstatements in a transaction class, account balance, and disclosure component of the F/S
  • Procedures designed to catch the material misstatements
  • Considered with monetary amounts

Tests of Controls

• Inquiry of appropriate management, supervisory, and staff personnel
• Inspection of documents, reports, and electronic files
• Observation of the application of specific controls
• Reperformance of the application of the control by the auditor
• Walkthrough that involves tracing a transaction from its origination to its inclusion in the F/S through a combination of audit procedures, including inquiry, observation, and inspection

Substantive Procedures

• Tests of details:
  • (1) Substantive tests of transactions
    • Tests for errors or fraud in individual transactions
  • (2) Tests of details of account balances and disclosures
    • Focuses on the items that are contained in the ending F/S account balances and disclosures
• Analytical procedures are evaluations of financial info through analysis of plausible relationships among financial and non-financial data

Dual-Purpose Tests

Tests of controls check the operating effectiveness of controls Substantive tests of transactions are concerned with monetary misstatements It often makes sense to design audit procedures to conduct both a test of controls and substantive test of transactions simultaneously on the same document

Terms

• Vouching is the use of documentation to support recorded transactions or amounts
  • Supports the occurrence/existence assertion
  • We go from the recorded transactions in journals/ledgers to supporting documentation
• Tracing is the documentation to determine if transactions or amounts are included in the accounting records
  • Supports the completeness assertion
  • We go from the documentation to the transactions recorded in journals/ledgers

Materiality

• An acceptable interpretation of materiality is that a fact is material if there is “a substantial likelihood that the fact would have been viewed by the reasonable investor as having significantly altered the ‘total mix’ of info made available”
• Materiality is not an absolute and it is not a black or white issue
• The determine of materiality requires professional judgement
• This is an important concept in the course and in your career

Steps in Applying Materiality on an Audit

• (1) Determine overall materiality – planning materiality
• (2) Determine tolerable misstatement – allocation of materiality at individual account/class of transactions level
• (3) Evaluate auditing findings – near the end of the audit

Determine Overall Materiality

Determine Tolerable Misstatement

• Tolerable misstatement is the amount of planning materiality allocated to an account or class of transactions
• Combined tolerable misstatement is greater than planning materiality because …
  • Not all accounts will be misstated by their full tolerable misstatement allocation
  • Audits of individual accounts are conducted simultaneously
  • Materiality is a small fraction of the account being audited and planned procedures will be sufficiently precise to identify significant misstatements
  • When errors are identified, additional testing is performed in that account and related accounts
  • Overall materiality serves as a “safety net”

Evaluate Auditing Findings

• When the audit evidence is gathered, the auditor:
  • Aggregates misstatements from each account or class of transactions (including known are likely misstatements)
  • Considers the effect of misstatements not adjusted in the PY
  • Compares the aggregate misstatement to overall materiality
  • If aggregate misstatement < overall materiality, the auditor can conclude that the F/S are fairly presented, if not, an adjustment should be made

1. The anticipated sample size of the planned substantive tests
2. The entity’s income before taxes for the period to date (ex: 6 months)
3. The results of tests of controls
4. The contents of the engagement letter

Risk Assessment

September 22, 2023

Audit Risk

• Due to the nature of audit evidence and the characteristics of management fraud, an auditor can only provide reasonable assurance, as opposed to absolute assurance, that the F/S are free of material misstatement

Audit risk is the risk that an auditor expresses an inappropriate audit opinion when the F/S are materially misstated Audit risk will be low or very low 🡪 we can attach percentages, but it will never be 0% (5% is an average number)

• The auditor should perform the audit to reduce audit risk to a sufficiently low level before expressing an opinion on the overall F/S
• At the assertion level, audit risk consists of …
  • (1) The risk that the relevant assertions related to the account balances or disclosures contain misstatements that could be material to the F/S
  • (2) The risk that the auditor will not detect such misstatements
• Achieved audit risk can be directly controlled by manipulating detection risk

The Audit Risk Model

• Note: important concept to conduct an audit 🡪 helps with tests and exams
• The auditor considers audit risk at the relevant assertion level because this directly assists the auditor to plan the appropriate audit procedures for the accounts, transactions, or disclosures
• Risk that the relevant assertions are misstated consists of two components:
  • (1) Inherent risk (IR) susceptibility of an assertion in an account or disclosure to a misstatement due to error or fraud that could be material, before consideration of any related controls
  • (2) Control risk (CR) is risk that a misstatement could occur in an assertion about an account or disclosure and that could be material will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control
• The levels of IR and CR are functions of the entity and its environment
  • Auditor has little to no control over these risks
• The combination of IR and CR is known as the risk of material misstatement (RMM) which is the risk that the F/S might be materially misstated prior to the audit
  • Also known as client risk because it stems from decisions made by the entity
• (3) Detection risk (DR) is risk that the procedures performed by the auditor to reduce audit risk to an acceptable low level will not detect misstatements that exist and could be material
  • Inappropriate audit procedure
  • Misinterpreting audit evidence
  • Failure to recognize a misstatement or deviation 🡪 non-sampling risk
  • Determined by the effectiveness of the audit procedures and how well the procedures are applied by the auditor

Audit Risk Model Formula

• DR has an inverse relationship to IR and CR
• Audit risk model: Audit risk = IR*CR*DR or = RMM*DR
  • This is a model – it is not precise
  • It helps us perform the things we need to do
  • Audit risk is set
  • DR is what we manipulate
• This model expresses the general relationship of audit risk to the auditor’s assessment of RMM and the risks that the auditor’s procedures will fail to detect a material misstatement in a relevant assertion
• Determination of audit risk and the use of the audit risk model involve considerable judgement on the part of the auditor
  • The audit risk model assists the auditor in determining the scope of auditing procedures for an assertion in an account or disclosure
• If the auditor assesses the achieved audit risk as being less than nor equal to the planned level of audit risk, an unqualified report can be issued
  • If not, the auditor should conduct additional audit work to qualify/modify the audit report
  • In either case, the judgements involved are highly subjective
• Risk of material misstatement: RMM = inherent risk (IR) and control risk (CR)
  • What is inherently risky in the business to lead them to these F/S?
  • This formula is asking “what is the client’s risk?”
  • Note: control risk 🡪 chapter 6 and 7 is about internal controls
• Detection risk: DR = non-sampling risk or sampling risk
  • Detection risk is that risk that we take as auditors that we will not find that particular misstatement
  • If this is high, then we are willing to take more risk because the company is doing a great job at identifying their risks 🡪 we will do less audit procedures and testing because we are more confident in the organization’s ability to manage their material misstatements to a low level
  • If this is low, that means there is a greater scope 🡪 more audit procedures and testing is needed

Engagement Risk

• Engagement risk is an auditor’s exposure to financial loss and damage to professional reputation is due to litigation, adverse publicity, and/or other events arising in connecting with the audited financials

Using the Audit Risk Model

• Steps involved in the auditor’s use of the audit risk model at the assertion level:
  • (1) Setting a planned level of audit risk
    • Auditor sets audit risk for each account balance or disclosure in such a way that, at the completion of the engagement, an opinion can be issued on the F/S with an acceptable low level of audit risk
    • Publicly traded companies have audit risk at 5% or less
    • To ensure that audit risk is set at an acceptable level, auditors will assess the degree to which users will rely on the F/S, the likelihood of financial difficulties after the audit report has been released, and the integrity of management
  • (2) Assessing the risk of material misstatement 🡪 IR*CR
    • Auditor evaluates the entity’s business risks and how those business risks could lead to material misstatements
  • (3) Determining the appropriate level of detection risk
    • AR = IR*CR*DR
    • DR = AR/(IR*CR) or = AR/RMM
    • Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level

Auditors assess each component of the audit risk model using either quantitative or qualitative terms AR does not change Recall: there’s an inverse relationship between RMM and DR

Figure 4.1 – the relationship of the entity’s business risks to the audit risk model

In the table, why is the auditor setting DR at high? What does a high assessment of DR mean in terms of the level of audit testing?

• DR is set high because there is a low risk that a material misstatement is present in the F/S
• As a result, the auditor needs to gather less evidence

Limitations of the Audit Risk Model

• The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results:
  • The model is only as good as the judgements and assessments used as inputs (ex: it does not consider potential auditor error)
  • The desired level of audit risk may not actually be achieved

The Auditor’s Risk Assessment Process

Auditor’s Risk Assessment Procedures

• How do we gather this evidence?
  • Inquires of management, other entity personnel, and others outside of the entity
  • Analytical procedures
  • Observation and inspection

Inquires of Management, Other Entity Personnel, and Others Outside the Entity

• Auditor obtains info about the entity and its environment through inquiry of management, individuals responsible for financial reporting, and other personnel within the entity
• Making inquiries of others within the entity provides the auditor with a perspective different from that of management and those responsible for financial reporting

Analytical Procedures

• Analytical procedures are evaluations of financial info made through analysis of plausible relationships among both financial and non-financial data
• Auditing standards require that the auditor perform analytical procedures as risk assessment procedures
• These assist the auditor in understanding the entity and its environment and in identifying areas that may represent specific risks relevant to the audit

Observation and Inspection

• May support inquiries of management and others
• May provide info about the entity and its environment

Assessing Business Risks

Figure 4.2 – an overview of the auditor’s risk assessment process (1) Auditors perform risk assessment procedures to obtain an understanding of the entity and its environment (2) This understanding helps the auditor identify business risks and understand the potential misstatements that may result (3) Considering the response of the entity to the business risk leads the auditor to assess the risk of material misstatement at the F/S and assertion level What is the entity doing to mitigate that risk?

Understanding the Entity and Its Environment

• Nature of the entity
• Industry, regulatory and external factors
• Objectives, strategies, and business risks
• Internal control
• Entity performance measures

Nature of the Entity

• To understand the nature of the entity, the auditor should obtain info about the entity’s:
  • Business operations
    • The nature of revenue sources
    • Products and services, and markets
    • The conduct of operations
    • Alliances
    • Joint ventures
    • Outsourcing activities
    • Location of production facilities, warehouses, and offices
    • Key customers and important suppliers of goods and services
  • Ownership and governance structures
  • Investments and investment activities
    • Planned or recent acquisitions or divestitures
    • Investments and dispositions of securities and loans
    • Capital investment activities
    • Investments in partnerships and joint ventures
  • Financing and financing activities
    • Major subsidiaries and associated entities
    • Debt structure
    • Leasing arrangements
    • Related parties
    • The use of derivative financial instruments
  • Financial reporting
    • Accounting principles and industry-specific practices
    • Revenue recognition practices
    • Accounting for fair values
    • Accounting for unusual or complex transactions

• LT implications to the financial health of the company
• Going concern issues
• Pressure to maintain historical profit margins
• Audit implication: increase the scope for accounts where estimates and valuation are more subjective

Industry, Regulatory, and Other External Factors

Objectives, Strategies, and Related Business Risks

• The auditor must identify and understand:
  • (1) Entity’s objectives
  • (2) Strategies used to achieve its objectives
  • (3) Business risks associated with those objectives and strategies

Internal Control

• The auditor needs to understand and assess the effectiveness of internal control in order to …
  • (1) Identify the types of potential misstatements and factors that affect the risks of material misstatement
  • (2) Assist in designing appropriate audit procedures

September 27, 2023

Assessing the Risk of Material Misstatement

• Risk assessment is the identification, analysis, and management of risks relevant to the preparation of F/S that are fairly presented in conformity with GAAP
• Auditor considers how the identified risks could result in a material misstatement in the F/S

Causes and Types of Misstatements

• Errors are unintentional misstatements of amounts or disclosures in the F/S
• Fraud refers to an intentional act by one or more among management, those charged with governance, employees, or third parties, involving the use of deception that results in a misstatement in the F/S
  • Auditors should assume that there are fraud risk factors put in place
• Primary distinction: whether the misstatement was intentional or unintentional

• Fraud involves intentional misstatements:
  • (1) Fraudulent financial reporting
  • (2) Misappropriation of assets
• Fraudulent financial reporting includes acts such as the following:
  • Manipulation, falsification, or alteration of accounting records or supporting documents used to prepare F/S
  • Misrepresentation in, or intentional omission from, the F/S of events, transactions, or significant info
  • Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure
• Misappropriation of assets involves the theft of an entity’s assets to the extent that F/S are misstated
  • Examples:
    • Stealing assets
    • Paying for goods/services not received by the company
    • Embezzling cash received
  • This is when the employee makes misrepresentations
  • Do the conditions exist to create an opportunity for someone?

The Fraud Risk Assessment Process

• The fraud risk identification process includes sources of info about possible fraud:
  • Discussion among the audit team
  • Inquires of management and others
  • Identification of fraud risk factors
  • Analytical procedures
  • Investigation of unexpected period-end adjustments

Conditions Indicative of Fraud and Fraud Risk Factors

• Conditions usually exist when fraud occurs:
  • (1) Incentive or pressure to perpetrate fraud
  • (2) Opportunity to carry out the fraud
  • (3) Attitude or rationalization to justify fraud

Risk Factors Relating to Incentive/Pressure

• Fraudulent financial reporting risk factors relating to incentive/pressure include:
  • Excessive pressure for management to meet third party expectations
  • Financial stability or profitability is threatened
  • Management’s personal financial situation is threatened

Risk Factors Relating to Opportunities

• Fraudulent financial reporting risk factors relating to opportunities include:
  • Nature of the industry or entity’s operations
  • Complex or unstable organizational structure
  • Ineffective monitoring of management
  • Deficient internal control

Risk Factors Relating to Attitudes/Rationalizations

• Fraudulent financial reporting risk factors relating to attitudes/rationalizations include:
  • Non-financial management’s excessive participation in selection of accounting principles and estimates
  • Excessive interest by management in share prices and earning trends
  • Committing to aggressive or unrealistic forecasts
  • Ineffective communication of ethical standards or selection of inappropriate ethical standards
  • Recurring attempts to justify marginal or inappropriate accounting based on materiality
  • History of violations of securities laws or allegations of fraud

Figure 4.5 – risk factors relating to the misappropriation of assets

Figure 4.3 – the process of responding to the risks of material misstatement and the design and performance of audit procedures

1. Company management falsifies the inventory count, thereby overstating ending inventory and understating cost of sales
2. An employee diverts customer payments to his personal use, concealing his actions by debiting an expense account, thus overstating expenses
3. An employee steals inventory, and the shrinkage is recorded as cost of goods sold
4. An employee borrows small tools from the company and neglects to return them; the cost is reported as a miscellaneous operation expense

Auditor’s Response to the Risk Assessment Results

• To respond appropriately to F/S level risks, the auditor may do the following:
  • Assign more experienced personnel or those with specialized knowledge
  • Evaluate the selection and application of accounting policies to identify earnings management or bias that may create a material misstatement
  • Incorporate additional elements of unpredictability in the selection of audit procedures

Evaluation of Audit Tests Results

• After the completion of the audit, the auditor should consider whether the total misstatements cause the F/S to be materially misstated
• If the F/S are materially misstated, the auditor should:
  • (1) Request management to eliminate the material misstatement
  • (2) If management does not make needed adjustments, the auditor should issue a qualified or adverse opinion
• If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should:
  • (1) Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect
  • (2) Consider the implications for other aspects of the audit
  • (3) Discuss the matter and the approach to further investigate with an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management
  • (4) Suggest the appropriate level of management consult with legal counsel
  • (5) Consider withdrawing from the engagement

Documentation of the Auditor’s Risk Assessment

• The auditor should document:
  • Discussions among engagement personnel
  • Procedures performed to identify and assess the risks of material misstatement due to error or fraud
  • Fraud risks or other conditions that result in additional audit procedures
  • The nature, timing, and extent of procedures performed in response to fraud risks identified and the results of that work
  • The nature of the communications about error or fraud made to management, the audit committee, and others

Communications about Fraud

• Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management
  • Fraud involving senior management and fraud that causes a material misstatement of the F/S should be reported directly to the audit committee
• The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees
• The disclosure of fraud to parties other than the client’s senior management and its audit committee is not part of the auditor’s responsibility and would be precluded by the auditor’s ethical or legal obligations of confidentiality, except when the following conditions exist:
  • To comply with certain legal and regulatory requirements
  • To a successor auditor when the successor makes inquiries from the predecessor auditor about the client
  • In response to a subpoena
  • To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive governmental financial assistance

Evidence and Documentation

Term Test 1:

• 50 minutes
• Multiple choice
• Short answer – scenarios
• Chapter 1-4
• Chapter 5: learning objectives 1-4
  • Review questions 1-7
  • Problems: 31, 32, 33

October 2, 2023

Relationship of Audit Evidence to the Audit Report

• Auditing standards provide the basic framework for the auditor’s understanding of audit evidence and its use in supporting the auditor’s opinion on the F/S
• Auditor gathers evidence by conducting audit procedures to test management assertions
  • These serve as the support for the auditor’s opinion about whether the F/S are fairly presented

Figure 5.1 – an overview of the relationships among the F/S, management assertions, audit procedures, and the audit report The F/S reflect management’s assertions about the various F/S components The auditor tests management’s assertions by conducting audit procedures that provide evidence on whether each relevant management assertion is supported Direct relationship between RMM and the amount of evidence required

Management Assertions

• Management is responsible for the fair presentation of the F/S
• Management implicitly or explicitly makes assertions regarding recognition, measurement, and presentation of classes of transactions and events, account balances, and disclosures
• Assertions about classes of transactions and events, and related disclosures, for the period under audit:
  • Occurrence – transactions and events that have been recorded or disclosed have occurred, and such transactions and events pertain to the entity
  • Completeness – all transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the F/S have been included
  • Authorization – all transactions and events have been properly authorized
  • Cut-off – transactions and events have been recorded in the correct accounting period
  • Presentation – transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework
  • Classification – transactions and events have been recorded in the proper accounts
  • Accuracy – amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described
• Assertions about account balances, and related disclosures, at the period end:
  • Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the obligations of the entity
  • Existence – assets, liabilities, and equity interests exist
  • Completeness – all assets, liabilities and equity interests that should have been recorded have been recorded, and related disclosures that should have been included in the F/S have been included
  • Accuracy, valuation, and allocation – assets, liabilities and equity interests have been included in the F/S at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described
  • Classification – assets, liabilities and equity interests have been recorded in the proper accounts
  • Presentation – assets, liabilities and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework

Table 5-2: summary of management assertions by category

• Classes of transactions is when we look over transaction cycles within an account
  • Occurrence is the one we look at the most
    • Did it actually occur?
  • Occurrence and existence are important when we’re looking at assets and revenue
• The account balances themselves are different – we want to look at the balance and see what is in that balance
  • What is the balance made up of?
  • Let’s make sure that the balance is correct

Audit Assertions CAS 315

• These are similar to management assertions
• Difference: no authorization

The Concepts of Audit Evidence

• Audit evidence is the info used by the auditor in arriving at the conclusions on which the audit opinion is based, and it includes the info contained in the accounting records underlying the F/S and other info
  • Audit evidence is one of the final three concepts
• (1) Nature of audit evidence
• (2) Sufficiency and appropriateness of audit evidence
  • Do we have enough?
  • Is it appropriate?
• (3) Evaluation of audit evidence

Nature of Audit Evidence

• The nature of audit evidence refers to the form or type of info
• Accounting records include the records of initial entries and supporting records

Sufficiency of Audit Evidence

• Sufficiency is the measure of the quantity of audit evidence
• The quantity of audit evidence needed is affected by the RMM and by the quality of the audit evidence gathered
  • The greater the RMM = the more audit evidence required to meet the audit test
  • The higher the quality of the evidence = the less evidence required to meet the audit test
  • Better quality > higher quantity of audit evidence
• Auditor relies on evidence that is persuasive rather than convincing
  • (1) An audit must be completed in a reasonable amount of time and at a reasonable cost
  • (2) Due to the nature of evidence, auditors must rely on evidence that is not perfectly reliable

Appropriateness of Audit Evidence

• Appropriateness is a measure of the quality of audit evidence
• Relevance refers to the relationship to the assertion being tested
• Reliability refers to whether a particular type of evidence can be relied upon to signal the true state of an assertion

Reliability

• Independent source outside the entity
  • Viewed more reliable than evidence obtained from within the entity
  • Evidence that is obtained from the entity but that has not been subjected to verification by an independent source is viewed as more reliable than evidence obtained solely from within the entity
• Effectiveness of internal control
  • When the auditor assesses internal control as effective, evidence generated by that accounting system is viewed as reliable (vice versa is true)
  • The more effective the entity’s internal control, the more assurance it provides about the reliability of audit evidence
• Auditor’s direct personal knowledge
  • Evidence obtained directly by the auditor is considered more reliable – knowledge of business
• Documentary evidence
  • Audit evidence is more reliable when it exists in documentary form (paper, electronic, or other medium)
• Original documents
  • Audit evidence provided by original documents is more reliable than photocopies or facsimiles
  • Found within the organization
  • Ex: minutes of a board meeting

1. Inquiry of an A/R clerk regarding the A/R balance – or – A/R confirmations sent to a sample of customers
2. Physical examination of lumber inventory performed by the external auditor – or – physical examination of inventory performed by internal auditors

Evaluation of Audit Evidence

• Proper evaluation of evidence requires an understanding of the:
  • (1) Types of evidence available
  • (2) Relative reliability of available evidence
• An auditor must be capable of assessing when a sufficient amount of appropriate evidence has been obtained in order to determine the fairness of management’s assertions
• An auditor should be thorough in searching for evidence and unbiased in its evaluation

Audit Procedures for Obtaining Audit Evidence

• Audit procedures are specific acts performed by the auditor to gather evidence about whether specific assertions are being met – there are three categories of audit procedures:
  • (1) Risk assessment procedures – used to obtain an understanding of the entity and its environment to assess the RMM at the F/’S and relevant assertion levels
  • (2) Tests of controls – used to test the operating effectiveness of controls in preventing or detecting and correcting, material misstatements at the relevant assertion level
  • (3) Substantive procedures – used to detect material misstatements at the relevant assertion level
• An audit program is a set of audit procedures prepared to test assertions for a component of the F/S
• Note: there is not a one-to-one relationship between assertions and audit procedures

Table 5.3 – audit procedures for assertions related to the audit of A/R:

Inspection of Records and Documents

• Inspection of records and documents consists of examining internal or external records or documents that are in paper form, electronic form, or other media
• Issues important in discussing inspection of records or documents:
  • (1) The reliability of such evidence
    • Evidence obtained from external documents is more reliable than evidence obtain from internal documents
    • Internal documents are generated and maintained within the entity
    • External documents can be documents originating within the entity but circulated to independent sources outside the entity or documents generated outside the entity but included in the entity’s accounting records
  • (2) The relationship the evidence has with the specific assertions
    • Relates directly to the occurrence and completeness assertions and to the dual direction of testing taken when documentary evidence is examined
    • Vouching refers to selecting an item for testing from the accounting journals or ledgers and then examining the underlying source document – provides evidence that items included in the accounting records have occurred
    • Tracing refers selecting a source document and then following it into the journal or ledger – ensures that transactions that occurred are recorded in the accounting records (completeness)

Figure 5.2 – dual direction for testing for validity and completeness

Inspection of Tangible Assets

• Inspection of tangible assets consists of physical examination of a tangible asset
• Provides assurance that the asset exists
• Provides little or no assurance for the rights and obligations assertion

Observation

• Observation is the process of watching a process or procedure being performed by others
• No audit trail can be tested by examining records or documents
• Limited to the point in time at which the observation takes place
• Limited by the fact that the entity’s personnel may act differently when the auditor is not observing them
• Useful in helping auditors understand the entity’s process
• Not considered reliable and requires additional corroboration by the auditor

Inquiry

• Inquiry consists of seeking info of knowledgeable persons within the entity or outside the entity
• In conducting inquiry, the auditor should:
  • Consider the knowledge, objectivity, experience, responsibility, and qualifications of the individual to be questioned
  • Ask clear, concise, relevant questions
  • Use open or closed questions appropriately
  • Listen actively and effectively
  • Consider the reactions and responses and ask follow-up questions
  • Evaluate responses

Confirmation

• Confirmation is audit evidence obtained by the auditor as a direct written response to the auditor from a third party
• The reliability of evidence obtained through external confirmations may be affected by factors such as:
  • The form of the confirmation
  • Prior experience with the entity
  • The nature of the info being confirmed
  • The intended respondent
• Provide reliable evidence for the existence and completeness assertion

Recalculation

• Recalculations consist of checking the mathematical accuracy of documents or records
• This is performed by the auditor = highly reliable

Reperformance

• Reperformance involves the auditor’s independent execution of procedures or controls that were originally performed by company personnel
• This is performed by the auditor = highly reliable

Analytical Procedures

• Evaluations of financial info made by a study of plausible relationships among both financial and non-financial data
• Analytical procedures can be used by an auditor to accomplish three purposes:
  • (1) Risk assessment procedures to assist the auditor to better understand the business and to plan the nature, timing, and extent of audit procedures
  • (2) Substantive analytical procedures are used as a substantive procedure to obtain evidential matter about assertions related to account balances or classes of transactions
  • (3) Final analytical procedures are used as an overall review of the financial info in the final review stage of the audit
• The reliability of analytical procedures is a function of …
  • (1) The availability and reliability of the data used in the calculations
  • (2) The plausibility and predictability of the relationship being tested
  • (3) The precision of the expectation and the rigor of the investigation

Scanning

• Scanning is the auditor’s exercise of professional judgement to review accounting data to identify significant or unusual items to test
• Spotting anomalies and issues that may need further investigation

Vouching and Tracing

• Vouching is the audit procedure in which a sample is chosen from the general ledger of the client and source documentation is obtained that provides evidence supporting the numbers reported in the accounting system
• Tracing is the audit procedure in which a sample of source documents is chosen and investigated to determine if they are recorded appropriately in the accounting system

Note: term test 1 is up to this material

Reliability of Types of Evidence

Table 5-6: general guidelines for reliability hierarchy by evidence type

General Reliability Relationship	Type of Evidence
Higher Lower	Inspection of tangible assets, reperformance, recalculation
	Inspection of records and documents, confirmation, analytical procedures, scanning
	Observation, inquiry

• The reliability of the evidence will depend on the facts and circumstances
• Note: this is a useful table
• Inspection of tangible assets, reperformance, recalculation is considered of high reliability because the auditor has direct knowledge about them
  • Inspection: whenever the auditor is doing something, the evidence will be of high quality
• Inspection of records and documents, confirmation, analytical procedures, scanning, vouching, and tracing are considered to be of medium reliability
  • Inspection of records and documents depend on whether a document is internal or external
  • Reliability of confirmation is affected by the four factors
  • Reliability of analytical procedures may be affected by the availability and reliability of the data
• Observation and inquiry are low reliability types of evidence because both require further corroboration by the auditor
  • Inquiry: this is the lowest because they are internal to the company

The Audit Testing Hierarchy

Figure 5-3: audit testing hierarchy, an evidence decision process for testing classes of transactions or significant balances The audit testing hierarchy starts with tests of controls and substantive analytical procedures Effectiveness: Auditor’s understanding and testing of controls influence the scope of substantive testing and enhance the auditor’s ability to identify areas where misstatements are more likely to be found Highly effective controls = less extensive substantive procedures Efficiency: Tests of controls and substantive analytical procedures are less costly to perform than are tests of details because they provide assurance on multiple transactions This figure recognizes that for some assertions, tests of details may be the only form of substantive evidence used because in some cases it may be more efficient and effective to move directly to tests of details

An “Assurance Bucket” Analogy

Figure 5-4: filling the assurance bucket Assurance bucket must be filled with sufficient appropriate evidence to obtain the level of assurance necessary to support the auditor’s opinion The size of the bucket can vary, depending on the auditor’s risk assessment and the assertion being tested

Figure 5-5: A/P example of filling the assurance buckets for each assertion

• Answer

Audit Documentation

Functions of Audit Documentation

• Audit documentation is the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached
  • Aka., working papers or the audit file
• Audit documentation has the following functions:
  • (1) To provide support for the audit report
    • Prove that the audit was conducted in accordance with CAS
    • When the engagement is complete, the auditor must decide on the type of report to issue
      • The basis for this decision rests in the audit evidence gathered and the conclusions reached and documented in the working papers
    • The working papers document that the scope of the audit was adequate for the report issued
  • (2) To aid in the planning, performance, and supervision of the audit
    • The working papers document the auditor’s compliance with auditing standards
    • The planning of the engagement, along with the execution of the audit plan, is contained in the working papers
  • (3) To provide a focal point for reviewing work of subordinates; to provide a basis for quality reviews

Content of Audit Documentation

• Audit documentation should:
  • (1) Demonstrate how the audit complied with auditing and related professional practice standards
  • (2) Support the basis for the auditor’s conclusions concerning each material F/S assertion
  • (3) Demonstrate that the underlying accounting records agree or reconciled with the F/S
  • (4) Include a written audit program detailing auditing procedures necessary to accomplish audit objectives
  • (5) Enable a knowledgeable and experienced reviewer to …
    • (a) Understand the nature, timing, extent, and results of audit procedures, evidence obtained, and conclusions reached
    • (b) Determine who performed and reviewed the work, as well as the dates of the work and reviews
• Most public accounting firms maintain audit documentation in two types of files:
  • (1) Permanent files
    • Corporate charter
    • Important contracts
    • Chart of accounts
    • Internal control documentation
    • Organization chart
    • Terms of share and bond issues
    • PY analytical procedures and results
  • (2) Current files
    • Adjusting journal entries
    • Audit plan and programs
      • Contains the strategy to be followed by the auditor in conducting the audit
      • Document outlines the auditor’s understanding of the entity and the potential audit risks
      • Contains the basic framework for how the audit resources are to be allocated to various parts of the engagement
      • Audit programs contain the audit procedures that will be conducted by the auditor
    • Reclassification journal entries
    • Working TB
      • This links the amounts in the F/S to the audit WP
    • Current F/S and auditor’s report
    • Minutes of meeting
    • WP supporting accounts

Format of Audit Documentation

• Heading:
  • Entity name
  • Title of the WP
  • Entity’s YE date
• Indexing and cross-referencing:
  • Audit documents must be organized so that members of the audit team or firm can find relevant audit evidence
  • When the auditor performs audit work on one WWP and supporting info is obtained from another WP, the auditor cross-references the info on each WP
  • Notations that provide a trail from F/S to audit documents
• Tick marks:
  • Used by auditors to document work performed
  • Notations made next to WP items indicating auditor/reviewer actions

Exhibit 5-2: example of account analysis WP

IMAGE

Ownership of Audit Documentation, Archiving and Retention

• Audit documentation should be organized so that audit team members and others can find evidence supporting F/S accounts
• All audit documentation is the property of the auditor, including documents prepared by the entity at the auditor’s request
• The Sarbanes-Oxley Act of 2002 requires audit documentation to be retained for a number of years from the completion date of the engagement
• Although the auditor owns the audit documents, they cannot be shown, except under certain circumstances, to outside parties without the entity’s consent

Advanced Module 1: Analytical Procedures

• Analytical procedures are evaluations of financial info through analysis of plausible relationships among both financial and non-financial data
• Analytical procedures can facilitate an effective audit by helping the auditor understand the entity’s business, directing attention to high-risk areas, identifying audit issues that might not be otherwise apparent, providing audit evidence, and assisting in the evaluation of audit results
• Inexpensive tests to perform

Purposes of Analytical Procedures

• Risk assessment procedures are used to assist the auditor to better understand the business and to plan the nature, timing, and extent of audit procedures
• Substantive analytical procedures are used to obtain evidential matter about particular assertions related to account balances or classes of transactions
• Final analytical procedures are used as an overall review of the financial info in the final review stage of the audit

Types of Analytical Procedures

• Trend analysis is the analysis of changes in an account over time
  • Simple trend analyses compare last year’s account balance with the current balance
  • Can encompass multiple time periods and includes comparing recorded trends with budget amounts and with competitor and industry info
  • The number of time periods used is a function of predictability and desired precision
• Ratio analysis is the comparison, across time or to a benchmark, of relationships between F/S accounts or between an account and non-financial data
  • Includes common-size analysis, which is the conversion of F/S amounts to percentages
  • Industry or competitor ratios are used to benchmark the entity’s performance
  • More effective at identifying risks and potential misstatements than trend analysis because comparisons of relationships between accounts and operating data are more likely to identify unusual patterns than is an analysis focused only on an individual account
• Reasonableness analysis involves forming an expectation using a model

Substantive Analytical Procedures

Figure 5-7: substantive analytical procedures decision process

Develop an Expectation

• The first step in the decision process is to develop an expectation for the amount or account balance
  • This is the most important step in performing analytical procedures
• Auditing standards require the auditor to have an expectation whenever analytical procedures are used
• An expectation can be developed using a variety of info sources such as:
  • Financial and operating data
  • Budgets and forecasts
  • Industry publications
  • Competitor info
  • Manager’s analyses
  • Analysts’ reports
• Precision is the quality of an expectation which is the measure of the potential effectiveness of an analytical procedure, and it represents the degree of reliance that can be placed on the procedure
  • Measure of:
    • The potential effectiveness of an analytical procedure
    • The degree of reliance that can be placed on the procedure
    • How closely the expectation approximates the “correct” but unknown amount

The degree of desired precision differs with the purpose of the analytical procedure A function of the materiality and required detection risk for assertion being tested If the assertion being tested requires a low level of detection risk, the expectation needs to be very precise The more precise the expectation, the more extensive and expensive the audit procedures (cost-benefit trade-off)

• Factors that affect the precision of analytical procedures:
  • (1) Disaggregation
    • The more detailed the level at which an expectation is formed, the greater the precision
    • Misstatements are difficult to detect when analyzing data at aggregated levels, due to offsetting trends or activities that can mask risks and misstatements
  • (2) The plausibility and predictability of the relationship being studied
    • Primary concern with plausibility is whether the relationship used to test the assertion makes sense
    • Many factors influence the predictability of relationships among financial and non-financial data
    • The more plausible and predictable the relationship, the more precise the expectation
  • (3) Data reliability
    • The ability to develop precise expectations is influenced by the reliability of the available data
    • The reliability of data for developing expectations depends on the independence of the source of the evidence, the effectiveness of internal controls, and the auditor’s direct personal knowledge
    • Data for analytical procedures are more reliable when the data are subjected to audit in the current or prior periods and when the expectation is developed from multiple sources of data
  • (4) Type of analytical procedures used to form an expectation
    • Trend analysis is the least precise method used and reasonableness analysis is the most precise
    • All three types are used for substantive analytical procedures, but reasonableness analysis is not commonly used for preliminary or final analytical procedures

Define a Tolerable Difference

• This is the 2^nd step in the analytical procedure decision process
• The size of the tolerable difference depends on:
  • (1) The significance of the account
  • (2) The desired degree of reliance on the substantive analytical procedures
  • (3) The level of disaggregation in the amount being tested
  • (4) The precision of the expectation
• The amount of difference that can be tolerated will always be lower than performance materiality
• Tolerable difference will usually be equal to the account’s tolerable misstatement

Compare the Expectation to the Recorded Amount

• This is the 3^rd step in the analytical procedure decision process
• Compare the expectation to the recorded amount and investigate any differences greater than the tolerable difference
• If the observed difference is < tolerable difference = auditor accepts the account
• If the observed difference is > tolerable difference = auditor must investigate the difference using other audit procedures

Investigate Differences Greater Than the Tolerable Difference

• This is the 4^th step in the analytical procedure decision process
• Differences identified by substantive analytical procedures indicate an increase likelihood of misstatements
• Explanations for significant differences observed (substantive analytical procedures) must be followed up and resolved through:
  • Quantification involves determining whether the explanation or error can explain the observed difference
    • Auditor should quantify the portion of the difference that can be explained
    • May require the recalculation of the expectation after considering the additional info
  • Corroboration means that auditors must corroborate explanations by obtaining sufficient appropriate audit evidence linking the explanation to the difference and prove that the info supporting the explanation is reliable
    • This evidence should be of the same quality as the evidence obtained to support tests of details
    • Common corroborating procedures include examination of supporting evidence, inquiries of independent persons, and evaluating evidence obtained from other auditing procedures
  • Evaluation means that the auditor should evaluate the results of the substantive analytical procedures to conclude whether the desired level of assurance has been achieved
    • If the auditor obtains evidence that a misstatement exists and can be sufficiently quantified, they make note of their proposed adjustment to the entity’s F/S

Investigate Differences for Risk Assessment and Final Analytical Procedures

If the auditor cannot find sufficient evidence within the WP, the auditor would … Formulate possible explanations Conduct additional testing Seek an explanation from the entity’s personnel

1. Obtain evidence from details tested to corroborate particular assertions
2. Identify areas that represent specific risks relevant to the audit
3. Assist the auditor in assessing the validity of the conclusions reached on the audit
4. Satisfy doubts when questions arise about an entity’s ability to continue in existence

Selected Financial Ratios Useful as Analytical Procedures

Short-Term Liquidity Ratios

• Short-term liquidity ratios indicate the entity’s ability to meet its current obligations
• Ratios commonly used for this purpose:
  • (1) Current ratio = current assets/current liabilities
  • (2) Quick ratio = liquid assets/current liabilities
  • (3) Operating cash flow ratio = cash flow from operations/current liabilities

Activity Ratios

Profitability Ratios

Profitability ratios indicate the entity’s success or failure for a given period Each ratio should be interpreted by comparison to industry data Gross profit % = gross profit/net sales Profit margin = net income/net sales Return on assets = net income/total assets Return on equity = net income/shareholders’ equity

Coverage Ratios

Coverage ratios provide info on the long-term solvency of the entity These ratios give the auditor important info on the ability of the entity to continue as a going concern Debt to equity = (ST debt + LT debt)/shareholders’ equity Times interest earned = (net income + interest expense)/interest expense